Submit #275053: rebuild rebuild <= 3.5.5 Unauthorized file readinfo

Title	rebuild rebuild <= 3.5.5 Unauthorized file read
Description	In the FileDownloader#proxyDownloadmethod, receives the parameter url, and calls QiniuCloud.getStorageFilemethod,and call writeLocalFile to echo result.So the attacker can read files of user directory .rebuild without login.
Source	⚠️ https://www.yuque.com/mailemonyeyongjuan/tha8tr/ouiw375l0m8mw5ls
User	lemono (UID 59906)
Submission	01/30/2024 04:21 (2 years ago)
Moderation	01/31/2024 08:02 (1 day later)
Status	Accepted
VulDB entry	252455 [Rebuild up to 3.5.5 /filex/proxy-download QiniuCloud.getStorageFile url information disclosure]
Points	16

Do you know our Splunk app?

Download it now for free!